Before You Begin

Gather the following information:

  • A description (name) of the domain controller
  • The IP address or Fully Qualified Domain Name of the domain controller
  • The search scope
  • The LDAP query

To add or modify a Domain Controller:

  1. In the WebUI, click the Settings tab.
  2. In the left navigation pane, go to Auth and Directory Services > Active Directory > Domain Controllers.

    Figure: Domain Controllers Table

     

Modifying Domain Controller Properties

  1. Click the expand icon next to the entry you wish to modify.
  2. Edit the entry properties as required; see the field definitions below.

Adding a Domain Controller

  1. Click the Add Domain Controller icon at the top of the Domain Controllers Table page.

    Figure: Create Domain Controller

     

Domain Controller - Field Definitions

Domain Controller Address

Specifies an IP address or Fully Qualified Domain Name (FQDN) of the Domain Controller. Valid entries include IPv4 address, IPv6 address, or FQDN.

DC Type

Specifies the type of domain controller: Authentication, Call Route, or On Premise.

  • Authentication. Authenticates user log-ins.
  • Call Route. Supplies call routing information.
  • On Premise. Notifies AD that it will be looking up On Premise; this enables the user to enter data to narrow the search scope, and allows the proper user records to be retrieved quickly from the AD server.

Search Scope

Specifies the tree location in Active Directory to use as the starting point for search queries or authentication requests.

LDAP Query

Applies a filter to the Search Scope to limit the number of Active Directory users included in the cache. This field applies only when Call Route is selected from DC Type.

Wildcards are not recommended anywhere except at the end of the LDAP query string.

Server Timeout

NOTE: This field applies to Release 5.0.2 and later.

Sets the LDAP timeout, which is used to query the external Domain Controller during cache refreshes and other activity. At any point, if the Domain Controller does not respond within the timeout period, the current operation is aborted and an alarm is raised. This value should be adjusted only when it has been determined that timeouts are occurring.

Valid entry: 5 to 15 seconds.

If a timeout is encountered during an AD cache refresh, the SBC attempts to load the cache for that DC from the backup file representing the last successful cache refresh. If successful, the partial cache collected prior to the timeout is discarded since it contains incomplete records. The AD Cache Status field is updated to Backup (in the Domain Controller Status window) and an alarm is still sent to inform the administrator that a timeout was encountered.

If the SBC is unable to load the cache from the last backup (no backup file present), the partial information collected thus far will be retained, and in this case, the SBC will not have a complete set of records. The AD Cache Status field is updated to Incomplete (in the Domain Controller Status window). See Managing Domain Controllers.

User Name

Specifies the user name (BindDN) to use for querying the Active Directory. The user name must be either the sAMAccountName or the UPN.

Enter/Confirm Password

Specifies a new password (BindPW) to use for querying the Active Directory.

DC Priority

Specifies the priority ranking of the domain controller for Active Directory queries, based on domain controller type. The priority determines the order in which the domain controllers are queried. Both Authentication and Call Route domain controllers start at priority 1 (highest), and both may have priority 1.

For Authentication DCs: Only the Priority 1 DC is used unless the DC is down (in this case Priority 2 DC is used).

For Call Route DCs: All DCs are queried in the order of configured priority, until a successful result is obtained.
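
A pre-entry check for the field rules above, written as an added example; it is not part of the product or its documentation. The dictionary keys, the sample values, and the sAMAccountName length and character rules (Active Directory's own, not stated on this page) are assumptions.

```python
import ipaddress
import re

LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")  # one DNS label
FILTER_VALUE = re.compile(r"=([^()]*)\)")               # value of one filter item
SAM_FORBIDDEN = set('"/\\[]:;|=,+*?<>')                 # assumption: AD's own rule

def is_dns_name(name, min_labels=1):
    labels = name.rstrip(".").split(".")
    return (len(labels) >= min_labels and not labels[-1].isdigit()
            and all(LABEL.match(label) for label in labels))

def valid_address(addr):
    """True for an IPv4 address, an IPv6 address, or a multi-label FQDN."""
    try:
        ipaddress.ip_address(addr)
        return True
    except ValueError:
        return is_dns_name(addr, min_labels=2)

def bad_wildcards(query):
    """Filter values that contain '*' anywhere except as the last character."""
    return [v for v in FILTER_VALUE.findall(query) if "*" in v[:-1]]

def username_form(name):
    """Classify a bind user name as 'UPN' or 'sAMAccountName'; None if neither."""
    user, at, domain = name.partition("@")
    if at:
        return "UPN" if user and is_dns_name(domain) else None
    ok = 0 < len(name) <= 20 and not set(name) & SAM_FORBIDDEN
    return "sAMAccountName" if ok else None

def check_entry(entry):
    """Return the problems found in one planned Domain Controller entry."""
    problems = []
    if not valid_address(entry["address"]):
        problems.append("address: not an IPv4/IPv6 address or FQDN")
    if not 5 <= entry["timeout"] <= 15:
        problems.append("timeout: outside 5 to 15 seconds")
    if username_form(entry["user"]) is None:
        problems.append("user: not a sAMAccountName or UPN")
    query = entry.get("ldap_query", "")
    if query and entry["dc_type"] != "Call Route":
        problems.append("ldap_query: applies only to Call Route")
    problems += [f"ldap_query: misplaced '*' in {v!r}" for v in bad_wildcards(query)]
    return problems

# Constructed sample entry (not from the page); check_entry(SAMPLE) lists 5 problems.
SAMPLE = {"address": "10.0.0.256", "dc_type": "Authentication", "timeout": 30,
          "user": "CN=svc,DC=example,DC=com", "ldap_query": "(sn=*son)"}
```

A bind name given as a distinguished name or in DOMAIN\user form is reported, since the User Name field accepts only the sAMAccountName or the UPN.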